Unpatched Security Flaws Disclosed in Multiple Document Management Systems (DMS)

guest · Feb 9, 2023

By Ravie Lakshmanan - February 8, 2023

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.
Click to expand...

Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization."
Click to expand...

The list of eight cross-site scripting (XSS) flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows -

CVE-2022-47412 - ONLYOFFICE Workspace Search Stored XSS

CVE-2022-47413 and CVE-2022-47414 - OpenKM Document and Application XSS

CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, and CVE-2022-47418 - LogicalDOC Multiple Stored XSS

CVE-2022-47419 - Mayan EDMS Tag Stored XSS

Click to expand...

A threat actor can exploit the aforementioned flaws by providing a decoy document, granting the interloper the ability to further their control over the compromised network,

"A typical attack pattern would be to steal the session cookie that a locally-logged in administrator is authenticated with, and reuse that session cookie to impersonate that user to create a new privileged account," Tod Beardsley, director of research at Rapid7, said.
Click to expand...

Rapid7: Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

By Tod Beardsley - February 7, 2023
Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System (DMS) offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralization of Input During Web Page Generation, in this disclosure, we have ordered them from most severe to least.
Click to expand...

guest · Feb 10, 2023

Radio silence from DMS vendor quartet over XSS zero-days
By Charlie Osborne @SecurityCharlie - February 10, 2023

Researchers have disclosed a raft of serious document management system (DMS) vulnerabilities impacting four enterprise vendors who have not yet resolved the issues.
Click to expand...

In a blog post published on Tuesday (February 7), Tod Beardsley, director of research at Rapid7, said the cross-site scripting (XSS) flaws affected vendors ONLYOFFICE, OpenKM, LogicalDOC, and Mayan.

All software examined by Rapid7 are on-prem, cloud, open source, or freemium DMS solutions.
Click to expand...

No response
In all instances, Rapid7 attempted to contact the vendors via email addresses, support channels, and support tickets.

“Unfortunately, none of these vendors were able to respond to Rapid7's disclosure outreach, despite having coordinated these disclosures with CERT/CC,” the company said. “As such, these issues are being disclosed in accordance with Rapid7's vulnerability disclosure policy.”
Rapid7 told The Daily Swig that none of the organizations have been in contact since the disclosure.
Click to expand...

The Daily Swig has reached out to each vendor for comment. We will update this story if and when we hear back.
Click to expand...

Log in or Sign up

Unpatched Security Flaws Disclosed in Multiple Document Management Systems (DMS)

guest Guest

guest Guest

Log in or Sign up

Unpatched Security Flaws Disclosed in Multiple Document Management Systems (DMS)

guest Guest

guest Guest

Useful Searches